Target Audience: General Managers

Training Tip: Ask the audience if they are familiar with proper records management?

Ask a member of the audience to share a story about a record that they needed but could not find because their storage room was unorganized.

Main Content: This program is designed to introduce General Managers to the importance of proper records management techniques.

One of the critical information security risks for hotels is physical documents, which may contain personally identifiable information of guests and employees. Hotels generate a lot of paper documents! Know the guidelines when it comes to proper records management including storage, retention, and disposal.

Document Destruction and Disposal

Documents that may contain sensitive, financial, or personal data should be shredded. Personal shredders can be placed throughout your back office to shred credit card information or other financial data that may have been printed. Or, you are free to choose an off-site document destruction supplier in your area who will have multiple options for onsite shred bins they can bring to your hotel to use to hold sensitive information you want destroyed that does not need to be retained. IHG has a corporate agreement with Iron Mountain who offers secure offsite document destruction. Discounts are available if you work with IHG Corporate to obtain preferred pricing with Iron Mountain.

Additionally, destruction of sensitive information does not stop at just documents. After their useful lives, destroy hard drives and other data media that may contain sensitive data.

Keeping records at your hotel

Even though some documents produced at your hotel contain personally identifiable information, there is not a hard and fast rule that all documents with sensitive information should be shredded. There are legal and governmental requirements governing the retention and disposition of certain types of records in your hotel such as audit packs, key logs, and payroll registers, for example. At your General Manager training, you should have been provided example retention guidelines for some hotel related records. It is important to understand the implications of not abiding by document retention requirements as you are creating a threat to your property if these records are not available for litigation, subpoenas, or governmental investigations.

Storing all sensitive documents as well as back-up tapes in a locked, secure area is the best way to decrease your risk of having personally identifiable information stolen. For instance, if you store your audit packs in an unlocked, easily accessible room, these documents can be easily stolen or lost. If the audit packs end up in the wrong hands, you could be opening the door to identity theft for each guest listed in your documentation. Due to the magnitude of risk, you should restrict access to records to key personnel only. Additionally, you should consider placing security cameras in or near document storage rooms in order to monitor activity in the room.

It is also a good idea to maintain logs of files and boxes of documents you are retaining. Once you have a master list of what should be in your secured storage room, perform periodic checks to account for the files and boxes to ensure they have not been stolen or lost.

Also, while working with documents which contain sensitive information, be smart and do not leave them unattended. Lock them away in a desk drawer while you are away.

Off-Site Storage

Sensitive data should not be stored in self-storage facilities or at employee homes. You should store your paper and electronic documents in a secure environment. Consider contracting off-site storage with a records management provider. You are free to consult with vendors in your area or you can easily work with IHG Corporate to obtain preferred pricing on off-site document storage with Iron Mountain. IHG has a corporate agreement with Iron Mountain who will give you the functionality to manage your records online and maintain access to them 24 hours a day, 7 days a week. Plus, they do all the work for you and will pick up your records and drop them off when you recall them. This is a much safer option for your records which may contain sensitive information. You should avoid transporting sensitive information in employee cars or on public transit as this can open the door to theft or even unintended damage.